Back to Home
GDPR Compliant

Privacy Policy

Last updated: April 1, 2026 · Prepared in compliance with GDPR

At TulparAI, we take the privacy of your personal data seriously. This policy explains what data we collect, why, how we process it, and your rights.

Table of Contents

  1. 1. Personal Data Processed
  2. 2. Retention Periods
  3. 3. International Transfers
  4. 4. Your Rights
  5. 5. Contact
1

Personal Data Processed

DataPurposeLegal Basis
Email, Full nameAccount creation, login, notificationsContract performance (Art. 6(1)(b))
Profile photo (URL)User profileContract performance (Art. 6(1)(b))
Hashed passwordAuthenticationContract performance (Art. 6(1)(b))
Instagram DM contentAI-powered automated reply generationExplicit consent (Art. 6(1)(a))
Payment info (Stripe)Subscription managementContract performance (Art. 6(1)(b))
IP address, logsSecurity and error detectionLegitimate interest (Art. 6(1)(f))
2

Retention Periods

Account dataUntil account deletion
Instagram DM history90 days
IP & audit logs2 years
Analytics data1 year
3

International Transfers

International data transfers occur to the following parties under GDPR Article 44+:

OpenAI — USAExplicit Consent Required

Instagram DM messages are sent to OpenAI's US servers for AI (GPT-4o) processing. This transfer only occurs with your explicit consent.

Stripe — USAContractual Necessity

Payment information is sent to Stripe's US servers for subscription management. Stripe is PCI DSS Level 1 certified.

4

Your Rights

Right of Access: Learn whether your personal data is processed and which data
Right to Rectification: Request correction of incorrect or incomplete data
Right to Erasure: Request deletion of data
Right to Object: Object to results of automated systems
5

Contact

To exercise your rights or for questions about your personal data, please contact:

Data Controller

TulparAI

Email: kvkk@tulparai.app

Requests will be answered free of charge within 30 days.

TulparAI © 2026  · Terms of Use · kvkk@tulparai.app